summaryrefslogtreecommitdiffstats
path: root/contrib
diff options
context:
space:
mode:
authorDaniel Baumann <daniel@debian.org>2024-11-10 16:16:24 +0100
committerDaniel Baumann <daniel@debian.org>2024-11-10 16:16:24 +0100
commitcdf56a816374e203911fee70a9afbb8b6f7310d6 (patch)
tree84b844fe0f39acaae437a52b8ec4ce29ced09b08 /contrib
parentAdding debian version 1.9.14-2. (diff)
downloadhaveged-cdf56a816374e203911fee70a9afbb8b6f7310d6.tar.xz
haveged-cdf56a816374e203911fee70a9afbb8b6f7310d6.zip
Merging upstream version 1.9.19 (Closes: #999811, #1078052):
- haveged can be run as an application if also running as a daemon (Closes: #998382). Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to 'contrib')
-rw-r--r--contrib/Fedora/90-haveged.rules2
-rw-r--r--contrib/Fedora/haveged-once.service31
-rw-r--r--contrib/Fedora/haveged-switch-root.service1
-rw-r--r--contrib/Fedora/haveged.conf1
-rw-r--r--contrib/Fedora/haveged.service3
-rw-r--r--contrib/Fedora/haveged.spec33
-rw-r--r--contrib/SUSE/90-haveged.rules2
-rw-r--r--contrib/SUSE/haveged-switch-root.service1
8 files changed, 67 insertions, 7 deletions
diff --git a/contrib/Fedora/90-haveged.rules b/contrib/Fedora/90-haveged.rules
index 6b1c5cf..648d9bc 100644
--- a/contrib/Fedora/90-haveged.rules
+++ b/contrib/Fedora/90-haveged.rules
@@ -1,5 +1,5 @@
# Start the haveged service as soon as the random device is available
# to avoid starting other services while starved of entropy
-ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
+ACTION=="add", KERNEL=="random", SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
diff --git a/contrib/Fedora/haveged-once.service b/contrib/Fedora/haveged-once.service
new file mode 100644
index 0000000..bfa84a5
--- /dev/null
+++ b/contrib/Fedora/haveged-once.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=Entropy Daemon based on the HAVEGE algorithm
+Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --once --Foreground
+SuccessExitStatus=137 143
+
+SecureBits=noroot-locked
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
+# We can *not* set PrivateTmp=true as it can cause an ordering cycle.
+PrivateTmp=false
+PrivateDevices=true
+# We can *not* set PrivateNetwork=true to allow command mode (chroot when included in initramfs)
+#PrivateNetwork=true
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+RestrictNamespaces=true
+RestrictRealtime=true
+
+LockPersonality=true
+MemoryDenyWriteExecute=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@mount
+SystemCallErrorNumber=EPERM
diff --git a/contrib/Fedora/haveged-switch-root.service b/contrib/Fedora/haveged-switch-root.service
index 8cc38cf..a3eb086 100644
--- a/contrib/Fedora/haveged-switch-root.service
+++ b/contrib/Fedora/haveged-switch-root.service
@@ -1,6 +1,7 @@
[Unit]
Description=Tell haveged about new root
DefaultDependencies=no
+ConditionKernelVersion=<5.6
ConditionPathExists=/etc/initrd-release
Before=initrd-switch-root.service
JoinsNamespaceOf=haveged.service
diff --git a/contrib/Fedora/haveged.conf b/contrib/Fedora/haveged.conf
new file mode 100644
index 0000000..e10884d
--- /dev/null
+++ b/contrib/Fedora/haveged.conf
@@ -0,0 +1 @@
+add_dracutmodules+=" haveged "
diff --git a/contrib/Fedora/haveged.service b/contrib/Fedora/haveged.service
index abb9cfc..55c8600 100644
--- a/contrib/Fedora/haveged.service
+++ b/contrib/Fedora/haveged.service
@@ -2,11 +2,12 @@
Description=Entropy Daemon based on the HAVEGE algorithm
Documentation=man:haveged(8) http://www.issihosts.com/haveged/
DefaultDependencies=no
+ConditionKernelVersion=<5.6
After=systemd-tmpfiles-setup-dev.service
Before=sysinit.target shutdown.target systemd-journald.service
[Service]
-ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground
+ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground -v 64
Restart=always
SuccessExitStatus=137 143
diff --git a/contrib/Fedora/haveged.spec b/contrib/Fedora/haveged.spec
index 9dc4bea..f1d50ab 100644
--- a/contrib/Fedora/haveged.spec
+++ b/contrib/Fedora/haveged.spec
@@ -1,7 +1,7 @@
%define dracutlibdir lib/dracut
Summary: A Linux entropy source using the HAVEGE algorithm
Name: haveged
-Version: 1.9.14
+Version: 1.9.17
Release: 1%{?dist}
License: GPLv3+
URL: https://github.com/jirka-h/haveged
@@ -11,7 +11,7 @@ Requires(preun): systemd
Requires(postun): systemd
BuildRequires: gcc
-BuildRequires: automake coreutils glibc-common systemd-units
+BuildRequires: make automake coreutils glibc-common systemd-units
Enhances: apache2 gpg2 openssl openvpn php5 smtp_daemon systemd
%description
@@ -21,7 +21,7 @@ Haveged is a user space entropy daemon which is not dependent upon the
standard mechanisms for harvesting randomness for the system entropy
pool. This is important in systems with high entropy needs or limited
user interaction (e.g. headless servers).
-
+
Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and Expansion)
to maintain a 1M pool of random bytes used to fill /dev/random
whenever the supply of random bits in /dev/random falls below the low
@@ -60,8 +60,11 @@ chmod 0644 COPYING README ChangeLog AUTHORS
#Install systemd service file
sed -e 's:@SBIN_DIR@:%{_sbindir}:g' -i contrib/Fedora/*service
+sed -i '/^ConditionKernelVersion/d' contrib/Fedora/*service
+
install -Dpm 0644 contrib/Fedora/haveged.service %{buildroot}%{_unitdir}/%{name}.service
install -Dpm 0644 contrib/Fedora/haveged-switch-root.service %{buildroot}%{_unitdir}/%{name}-switch-root.service
+install -Dpm 0644 contrib/Fedora/haveged-once.service %{buildroot}%{_unitdir}/%{name}-once.service
install -Dpm 0755 contrib/Fedora/haveged-dracut.module %{buildroot}/%{_prefix}/%{dracutlibdir}/modules.d/98%{name}/module-setup.sh
install -Dpm 0644 contrib/Fedora/90-haveged.rules %{buildroot}%{_udevrulesdir}/90-%{name}.rules
@@ -101,7 +104,29 @@ cp -p COPYING README ChangeLog AUTHORS contrib/build/havege_sample.c %{buildroot
%changelog
-* Sun Jun 28 2020 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.14-1
+* Sat Jan 08 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.17-1
+ - Update to 1.9.17
+
+* Mon Jan 03 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.16-2
+ - Fixed ExecStart in haveged-once.service
+
+* Sun Jan 02 2022 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.16-1
+ - Update to 1.9.16
+
+* Thu Sep 30 2021 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.15-1
+ - Update to 1.9.15
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.14-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.9.14-4
+- Rebuilt for updated systemd-rpm-macros
+ See https://pagure.io/fesco/issue/2583.
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.14-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sun Jan 3 2021 Jirka Hladky <hladky.jiri@gmail.com> - 1.9.14-2
- Update to 1.9.14
- BZ1835006 - Added dracut module
- Start the service as soon as the random device is available with
diff --git a/contrib/SUSE/90-haveged.rules b/contrib/SUSE/90-haveged.rules
index 6b1c5cf..648d9bc 100644
--- a/contrib/SUSE/90-haveged.rules
+++ b/contrib/SUSE/90-haveged.rules
@@ -1,5 +1,5 @@
# Start the haveged service as soon as the random device is available
# to avoid starting other services while starved of entropy
-ACTION=="add", KERNEL=="random" , SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
+ACTION=="add", KERNEL=="random", SUBSYSTEM=="mem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="haveged.service"
diff --git a/contrib/SUSE/haveged-switch-root.service b/contrib/SUSE/haveged-switch-root.service
index 9757da4..24b8649 100644
--- a/contrib/SUSE/haveged-switch-root.service
+++ b/contrib/SUSE/haveged-switch-root.service
@@ -1,6 +1,7 @@
[Unit]
Description=Tell haveged about new root
DefaultDependencies=no
+ConditionKernelVersion=<5.6
ConditionPathExists=/etc/initrd-release
Before=initrd-switch-root.service
JoinsNamespaceOf=haveged.service